1 ca-certificates (20120623) UNRELEASED; urgency=low
3 * Add Polish translation, thanks to Michał Kułach. Closes: #660002
4 * Add Turkish translation, thanks to Atila KOÇ. Closes: #661785
5 * Correct update-ca-certificates(8) alignment Closes: #666932
6 * Update mozilla/certdata.txt to version 1.83
7 Mozilla Public License updated to v2.0
9 * Update debian/copyright to reflect MPL v2.0
10 * Update debian/NEWS with added/removed certs from 20111211 and 20120212
12 -- Michael Shuler <michael@pbandjelly.org> Fri, 22 Jun 2012 19:44:14 -0500
14 ca-certificates (20120212) unstable; urgency=low
16 * Update mozilla/certdata.txt to version 1.81
17 Certificates added (+) and removed (-):
18 + "Security Communication RootCA2"
20 + "Hellenic Academic and Research Institutions RootCA 2011"
21 - "Verisign Class 2 Public Primary Certification Authority"
22 - "Verisign Class 4 Public Primary Certification Authority - G2"
23 - "TC TrustCenter, Germany, Class 2 CA"
24 - "TC TrustCenter, Germany, Class 3 CA"
25 * Add notice to README.Debian deprecating CA inclusions and refer to
26 #647848 for Debian CA Certificate Policy discussion.
28 -- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
30 ca-certificates (20111211) unstable; urgency=low
32 * Clarify CA audit note in package description and README.debian. Thanks
33 to C.J. Adams-Collier for the patch. Closes: #594383
34 * Remove French Government IGC/A CA certificates. The RSA certificate is
35 included in the Mozilla bundle and the DSA certificate is not in use.
37 * Remove expired signet.pl CAs. Closes: #647849
38 * Remove expired brasil.gov.br CA.
39 * Edit 20111025 changelog/NEWS entries to correctly list installed CAs
40 * Use 'set -e' in body of debian/postinst
41 * Update mozilla/certdata.txt to version 1.80
42 (no added/removed CAs)
43 * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
45 -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
47 ca-certificates (20111025) unstable; urgency=low
50 * Add 3.0 (native) source format
51 * Add Vcs-Git/Browser fields
52 * Add myself as new Maintainer with Uploaders Closes: #588219
53 * Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
54 Certificates added (+) and removed (-):
55 + "AffirmTrust Commercial"
56 + "AffirmTrust Networking"
57 + "AffirmTrust Premium"
58 + "AffirmTrust Premium ECC"
60 + "Certinomis - Autorité Racine"
61 + "Certum Trusted Network CA"
62 + "Go Daddy Root Certificate Authority - G2"
63 + "Root CA Generalitat Valenciana"
64 + "Starfield Root Certificate Authority - G2"
65 + "Starfield Services Root Certificate Authority - G2"
66 + "TWCA Root Certification Authority"
67 - "AOL Time Warner Root Certification Authority 1"
68 - "AOL Time Warner Root Certification Authority 2"
70 - "Entrust.net Global Secure Personal CA"
71 - "Entrust.net Global Secure Server CA"
72 - "Entrust.net Secure Personal CA"
73 - "IPS Chained CAs root"
78 - "IPS Timestamping root"
79 - "Thawte Personal Freemail CA"
80 - "Thawte Time Stamping CA"
81 * Update CAcert-Class 3-Subroot-certificate Closes: #630232
84 * sbin/update-ca-certificates: move the ca-certificates.crt bundle out of
85 the way before calling c_rehash, so that symlinks don't accidentally get
86 pointed here, breaking openssl certificate verification LP: #854927
89 * Drop bogus c_rehash on upgrades, which caused issue when
90 ca-certificates.crt was still in place; instead, call
91 update-ca-certificates --fresh on upgrades to this version, and
92 the usual update-ca-certificates otherwise Closes: #643667, #537382
94 -- Michael Shuler <michael@pbandjelly.org> Tue, 25 Oct 2011 09:12:10 -0500
96 ca-certificates (20111022) unstable; urgency=low
99 * Fix pending l10n issues. Debconf translations:
100 - German (Helge Kreutzmann). Closes: #634000
101 - French (Christian Perrier). Closes: #634092
102 - Russian (Yuri Kozlov). Closes: #635146
103 - Swedish (Martin Bagge / brother). Closes: #640622
104 - Slovak (Slavko). Closes: #641987
105 - Spanish; (Javier Fernández-Sanguino). Closes: #642359
106 - Japanese (Kenshi Muto). Closes: #644828
107 - Czech (Miroslav Kure). Closes: #644843
108 - Danish (Joe Hansen). Closes: #644854
109 - Italian (Luca Monducci). Closes: #645004
110 - Dutch; (Jeroen Schot). Closes: #645090
111 - Portuguese (Miguel Figueiredo). Closes: #645126
112 - Galician (Jorge Barreiro). Closes: #645138
113 - Catalan; (Jordi Mallach). Closes: #645182
114 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #645526
115 * Split Choices in debconf templates
116 * Add build-arch and build-indep build targets
117 * Bump debhelper compatibility level to 8
118 * Bump Standards to 3.9.2 (checked)
119 * Replace "dh_clean -k" by dh_prep
121 -- Christian Perrier <bubulle@debian.org> Sat, 22 Oct 2011 14:24:00 +0200
123 ca-certificates (20110502+nmu1) unstable; urgency=high
125 * Non-maintainer upload by the Security Team.
126 * Blacklist "DigiNotar Root CA" (Closes: #639744)
128 -- Raphael Geissert <geissert@debian.org> Tue, 30 Aug 2011 21:00:55 -0500
130 ca-certificates (20110502) unstable; urgency=low
133 * Mark the package as multi-arch:foreign. (Closes: #622323)
134 * Use db_settitle in config script to allow translations of the
135 dialog title; thanks to Frans Pop. (Closes: #560314)
137 -- Philipp Kern <pkern@debian.org> Mon, 02 May 2011 19:27:50 +0200
139 ca-certificates (20110421) unstable; urgency=low
142 * Package is orphaned, set maintainer to QA group
143 * Depend on openssl 1.0.0 and force a call of c_rehash so that we have
144 both the old and new style of symlinks. (Closes: #611102)
145 * Remove libssl0.9.8 from enhances
146 * Update mozilla certdata.txt file to the latest version.
148 - ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
149 - beTRUSTed_Root_CA-Baltimore_Implementation.crt
150 - beTRUSTed_Root_CA.crt
151 - beTRUSTed_Root_CA_-_Entrust_Implementation.crt
152 - beTRUSTed_Root_CA_-_RSA_Implementation.crt
153 - Digital_Signature_Trust_Co._Global_CA_2.crt
154 - Digital_Signature_Trust_Co._Global_CA_4.crt
155 - Entrust.net_Global_Secure_Personal_CA.crt
156 - Entrust.net_Global_Secure_Server_CA.crt
157 - Entrust.net_Secure_Personal_CA.crt
158 - GTE_CyberTrust_Root_CA.crt
159 - IPS_Chained_CAs_root.crt
160 - IPS_CLASE1_root.crt
161 - IPS_CLASE3_root.crt
162 - IPS_CLASEA1_root.crt
163 - IPS_CLASEA3_root.crt
164 - IPS_Servidores_root.crt
165 - IPS_Timestamping_root.crt
166 - RSA_Security_1024_v3.crt
168 - Thawte_Personal_Basic_CA.crt
169 - Thawte_Personal_Premium_CA.crt
170 - UTN-USER_First-Network_Applications.crt
171 - Verisign_RSA_Secure_Server_CA.crt
172 - Verisign_Time_Stamping_Authority_CA.crt
173 - Visa_International_Global_Root_2.crt
176 - AC_Raíz_Certicámara_S.A..crt
177 - ApplicationCA_-_Japanese_Government.crt
178 - Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
179 - Buypass_Class_2_CA_1.crt
180 - Buypass_Class_3_CA_1.crt
183 - certSIGN_ROOT_CA.crt
184 - Chambers_of_Commerce_Root_-_2008.crt
187 - ComSign_Secured_CA.crt
188 - Cybertrust_Global_Root.crt
189 - Deutsche_Telekom_Root_CA_2.crt
190 - EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt
191 - E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt
192 - ePKI_Root_Certification_Authority.crt
193 - GeoTrust_Primary_Certification_Authority_-_G2.crt
194 - GeoTrust_Primary_Certification_Authority_-_G3.crt
195 - Global_Chambersign_Root_-_2008.crt
196 - GlobalSign_Root_CA_-_R3.crt
197 - Hongkong_Post_Root_CA_1.crt
201 - Microsec_e-Szigno_Root_CA_2009.crt
202 - Microsec_e-Szigno_Root_CA.crt
203 - NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt
204 - OISTE_WISeKey_Global_Root_GA_CA.crt
205 - SecureSign_RootCA11.crt
206 - Security_Communication_EV_RootCA1.crt
207 - Staat_der_Nederlanden_Root_CA_-_G2.crt
208 - S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt
209 - TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt
210 - TC_TrustCenter_Class_2_CA_II.crt
211 - TC_TrustCenter_Class_3_CA_II.crt
212 - TC_TrustCenter_Universal_CA_I.crt
213 - TC_TrustCenter_Universal_CA_III.crt
214 - thawte_Primary_Root_CA_-_G2.crt
215 - thawte_Primary_Root_CA_-_G3.crt
216 - VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt
217 - VeriSign_Universal_Root_Certification_Authority.crt
219 - Verisign_Class_1_Public_Primary_Certification_Authority.crt
220 - Verisign_Class_3_Public_Primary_Certification_Authority.crt
221 * Remove telesec.de/deutsche-telekom-root-ca-2.crt, now in mozilla.
222 * String decode the mozilla certdata.txt so the filenames show up as
223 proper UTF-8 strings.
225 -- Kurt Roeckx <kurt@roeckx.be> Thu, 21 Apr 2011 18:56:08 +0200
227 ca-certificates (20090814+nmu3) unstable; urgency=low
229 * Non-maintainer upload.
230 * Fix pending l10n issues. Debconf translations:
231 - French (Christian Perrier). Closes: #594231
232 - Danish (Joe Hansen). Closes: #601129
233 - Catalan (Jordi Mallach). Closes: #601089
234 - Brazilian Portuguese (Adriano Rafael Gomes). Closes: #618633
236 -- Christian Perrier <bubulle@debian.org> Sat, 19 Mar 2011 07:47:00 +0100
238 ca-certificates (20090814+nmu2) unstable; urgency=low
240 * Non-maintainer upload.
241 * Fixes buggy shell functions included in the postinst script.
244 -- Maximiliano Curia <maxy@debian.org> Fri, 13 Aug 2010 20:16:21 -0300
246 ca-certificates (20090814+nmu1) unstable; urgency=low
248 * Non-maintainer upload.
249 * Preserve user changes to the /etc/ca-certificates.conf.
252 -- Maximiliano Curia <maxy@debian.org> Fri, 30 Jul 2010 12:55:28 -0400
254 ca-certificates (20090814) unstable; urgency=low
256 * Call Debconf and its db_purge as early as possible in postrm.
259 -- Philipp Kern <pkern@debian.org> Fri, 14 Aug 2009 11:10:00 +0200
261 ca-certificates (20090709) unstable; urgency=low
263 * Fix purge by checking for `/etc/ssl/certs' first. (Closes: #536331)
265 -- Philipp Kern <pkern@debian.org> Thu, 09 Jul 2009 10:35:39 +0200
267 ca-certificates (20090708) unstable; urgency=low
270 - cacert.org/root.crt and cacert.org/class3.crt:
271 Both certificate files were deprecated with 20080809. Users of these
272 root certificates are encouraged to switch to
273 `cacert.org/cacert.org.crt' which contains both class 1 and class 3
274 roots joined in a single file.
275 - quovadis.bm/QuoVadis_Root_Certification_Authority.crt:
276 This certificate has been added into the Mozilla truststore and
277 is available as `mozilla/QuoVadis_Root_CA.crt'.
278 * Do not redirect c_rehash error messages to /dev/null.
280 * Remove dangling symlinks on purge, which also gets rid of the hash
281 symlink for ca-certificates.crt. (Closes: #475240)
282 * Use subshells when grepping for certificates in config, avoiding
283 SIGPIPE because of grep's immediate exit after it finds the pattern.
285 * Fix VERBOSE_ARG usage in update-ca-certificates. Thanks to
286 Robby Workman of Slackware.
287 * Updated Standards-Version and FSF portal address in the copyright file.
289 -- Philipp Kern <pkern@debian.org> Wed, 08 Jul 2009 23:19:56 +0200
291 ca-certificates (20090701) unstable; urgency=low
293 * Reactivated "Equifax Secure Global eBusiness CA". (Closes: #534674)
294 Rationale: The rogue collision CA has its validity period in the past.
295 Thus it does not impose a risk upon us at the moment.
296 * Restrict search for local certificates to add on files ending with '.crt'.
297 * Canonicalize PEM names by applying the same set of substitions to
298 local and other certificates like the Mozilla certdata dumper does.
300 -- Philipp Kern <pkern@debian.org> Wed, 01 Jul 2009 14:50:00 +0200
302 ca-certificates (20090624) unstable; urgency=low
304 * Allow local certificate installation. All certificates found
305 in `/usr/local/share/ca-certificates' will be automatically added
306 to the list of trusted certificates in `/etc/ssl/certs'.
307 (Closes: #352637, #419491, #473677, #476663, #511150)
308 * Updated Mozilla certificates from nss 3.12.3-1 (certdata.txt revision
310 + COMODO ECC Certification Authority
312 + Network Solutions Certificate Authority
313 + WellsSecure Public Root Certificate Authority
314 - Equifax Secure Global eBusiness CA
315 - UTN USERFirst Object Root CA
316 * Reimplemented the Mozilla certdata parser mainly to exclude explicitly
317 untrusted certificates. This led to the exclusion of the
318 "MD5 Collisions Forged Rogue CA 23c3" and its parent
319 "Equifax Secure Global eBusiness CA". Furthermore code signing-only
320 certificates are no longer included neither.
321 * Remove the purging of old PEM files in postinst dating back to
322 versions earlier than 20030414.
323 * Hooks are now called at every invocation of `update-ca-certificates'.
324 If no changes were done to `/etc/ssl/certs', the input for the
325 hooks will be empty, though. Failure exit codes of hooks will not
326 tear down the upgrade process anymore. They are printed but ignored.
328 -- Philipp Kern <pkern@debian.org> Tue, 24 Jun 2009 21:04:08 +0200
330 ca-certificates (20081127) unstable; urgency=low
332 * Remove /etc/ssl{,/certs} in postrm to please piuparts. (Closes:
335 -- Philipp Kern <pkern@debian.org> Thu, 27 Nov 2008 19:13:17 +0100
337 ca-certificates (20080809) unstable; urgency=low
339 * New cacert.org.pem joining both CACert Class 1 and Class 3 certificates.
340 This file can be used for proper certificate chaining if CACert
341 server certificates are used. The old class3.pem and root.pem
342 certificates are deprecated. This new file could safely serve as
343 a replacement for both. (Closes: #494343)
344 * This also reintroduces the old name for the CACert certificate,
345 thus closing a long-standing bug about its rename to root.crt.
348 -- Philipp Kern <pkern@debian.org> Sat, 09 Aug 2008 14:58:24 -0300
350 ca-certificates (20080617) unstable; urgency=low
352 * Added French Government's IGC/A CA (both DSA and RSA).
355 -- Philipp Kern <pkern@debian.org> Mon, 23 Jun 2008 20:55:53 +0200
357 ca-certificates (20080616) unstable; urgency=low
359 * Fix installation on pt_BR locales. The problem was caused by the
360 .templates choices strings being marked for translation, with pt_BR
361 being the only language which actually translated them. Thanks to
362 Ubuntu for the fix, which needs to be around until Lenny is released
363 or six months have passed, whichever is later. (Closes: #472507)
364 * Drop Fumitoshi from the list of maintainers. Farewell!
365 * Bump Standards-Version to 3.8.0.
367 -- Philipp Kern <pkern@debian.org> Mon, 16 Jun 2008 17:41:50 +0200
369 ca-certificates (20080514) unstable; urgency=medium
371 * Added the new SPI CA certificate, created in response to the latest
372 openssl security update.
373 * Removed old SPI CA certificates (2006, 2007) as CAs cannot be
374 revoked sensibly. Expired CA created in 2003, expired in 2007 left
375 around for reference.
376 * Updated the Galician translation, thanks to Glennie Vignarajah.
379 -- Philipp Kern <pkern@debian.org> Wed, 14 May 2008 10:03:42 +0200
381 ca-certificates (20080411) unstable; urgency=low
383 * Added the current SPI CA certificate, used by Debian's infrastructure.
384 * Added Deutsche Telekom Root CA 2, which is used by German institutions
386 * Updated mozilla certificates from trunk, which led to the following
387 adds (+) and removes (-):
388 + Camerfirma Chambers of Commerce Root
389 + Camerfirma Global Chambersign Root
390 + Certplus Class 2 Primary CA
391 + COMODO Certification Authority
392 + DigiCert Assured ID Root CA
393 + DigiCert Global Root CA
394 + DigiCert High Assurance EV Root CA
397 + Entrust Root Certification Authority
398 + Firmaprofesional Root CA
399 + GeoTrust Global CA 2
400 + GeoTrust Primary Certification Authority
401 + GeoTrust Universal CA
402 + GeoTrust Universal CA 2
403 + GlobalSign Root CA - R2
404 + Go Daddy Class 2 CA
405 + NetLock Business (Class B) Root
406 + NetLock Express (Class C) Root
407 + NetLock Notary (Class A) Root
408 + NetLock Qualified (Class QA) Root
413 + Starfield Class 2 CA
414 + StartCom Certification Authority
417 + SwissSign Gold CA - G2
418 + SwissSign Platinum CA - G2
419 + SwissSign Silver CA - G2
421 + thawte Primary Root CA
422 + TURKTRUST Certificate Services Provider Root 1
423 + TURKTRUST Certificate Services Provider Root 2
424 + VeriSign Class 3 Public Primary Certification Authority - G5
425 + Wells Fargo Root CA
426 + XRamp Global CA Root
427 - Verisign Class 1 Public Primary OCSP Responder
428 - Verisign Class 2 Public Primary OCSP Responder
429 - Verisign Class 3 Public Primary OCSP Responder
430 - Verisign Secure Server OCSP Responder
431 (Closes: #447062, #456581)
432 * Updated the Russian debconf translation, thanks to Mikhail Gusarov.
434 * Reworded the description and made it static to ease translations.
435 * Reworded and amended README.Debian.
436 * Added myself to the uploaders of this package.
437 * Applied a patch by Martin F. Krafft to support hooks scripts
438 on add/remove of a certificate. (Closes: #377314)
440 -- Philipp Kern <pkern@debian.org> Sat, 12 Apr 2008 17:35:26 +0200
442 ca-certificates (20070303-0.1) unstable; urgency=low
444 * Non-maintainer upload to fix longstanding pending l10n issues.
445 * Debconf templates and debian/control reviewed by the debian-l10n-
446 english team as part of the Smith review project.
447 Closes: #432249, #434789
448 * Debconf translation updates:
449 - Japanese. Closes:#433067
450 - Basque. Closes: #433074
451 - Spanish. Closes: #433078
452 - Czech. Closes: #433100
453 - Galician. Closes: #433215
454 - Russian. Closes: #433224
455 - Swedish. Closes: #433432
456 - Vietnamese. Closes: #433792, #427000, #434992
457 - Dutch. Closes: #434670
458 - German. Closes: #434788
459 - Italian. Closes: #435029
460 * Portuguese. Closes: #435471
461 * Finnish. Closes: #448826
462 * Remove /etc/ssl when purging the package (only if that
463 directory is empty). Closes: #454334
464 * [Lintian] Give a reference to the GPL text in debian/copyright
465 * [Lintian] No longer ignore errors from "make clean"
466 * [Lintian] Upgrade debhelper compatibility to 4 (with debian/compat).
468 -- Christian Perrier <bubulle@debian.org> Thu, 14 Feb 2008 19:52:37 +0100
470 ca-certificates (20070303) unstable; urgency=low
472 * Add debconf.org crt. closes: Bug#342088
473 * Add cacert class3 crt. closes: Bug#350282
474 * Add debian/po/pt.po. closes: Bug#408183
475 * Update debian/po/ru.po. closes: Bug#410770
476 * Update debian/po/pt_BR.po. closes: Bug#403824
477 * Add debian/po/gl.po. closes: Bug#407951
479 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 4 Mar 2007 14:12:23 +0900
481 ca-certificates (20061027.2) unstable; urgency=low
483 * Non-maintainer upload to fix an RC issue revealed by the last NMU.
484 * Avoid cd to /etc/ssl/certs to removing hash symlinks
487 -- Christian Perrier <bubulle@debian.org> Fri, 2 Feb 2007 07:23:27 +0100
489 ca-certificates (20061027.1) unstable; urgency=low
491 * Non-maintainer upload to fix remaining l10n issues
492 * Debconf translation updates:
493 - Czech. Closes: #407807
494 - Spanish. Closes: #401968
495 - German. Closes: #396942
496 * Add debconf-updatepo to the clean target in debian/rules
497 to guarantee up-to-date PO(T) files
499 -- Christian Perrier <bubulle@debian.org> Mon, 22 Jan 2007 18:56:53 +0100
502 ca-certificates (20061027) unstable; urgency=low
504 * sbin/update-ca-certificates:
505 in fresh mode, rm symlinks only point to /usr/share/ca-certificates.
506 preserve other symlinks. closes: Bug#387089
507 * debian/po/nl.po: updated
509 * debian/po/fr.po: updated
511 * debian/po/da.po: updated
514 -- Fumitoshi UKAI <ukai@debian.or.jp> Sat, 28 Oct 2006 02:28:50 +0900
516 ca-certificates (20060816) unstable; urgency=low
518 * debian/control: explicitly mention that trustworthiness of certificate
519 authorities is not evaluated.
521 * debian/templates: refine messages
523 * debian/postinst: remove tailing spaces to avoid unnecessary dpkg-old file.
525 * debian/control: libssl0.9.7->libssl0.9.8
527 * debian/postrm: remove .dpkg-old files
529 * debian/README.Debian: fix
531 * debian/postinst: fix typo
533 * debian/po/sv.po: added
535 * debian/po/es.po: added
537 * add new SPI CA certificate
538 submitted by Michael C. Schultheiss <schultmc@debian.org>
540 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 17 Aug 2006 13:12:27 +0900
542 ca-certificates (20050804) unstable; urgency=low
544 * use ${misc:Depends} in debian/control for debconf
545 * update description in debian/control
547 * update debian/po/vi.po
549 * update debian/po/de.po
552 -- Fumitoshi UKAI <ukai@debian.or.jp> Thu, 4 Aug 2005 01:29:38 +0900
554 ca-certificates (20050518) unstable; urgency=high
556 * fix ca-certificates.crt generationumask-sensitive and racy
558 * update mozilla/certdata.txt
559 add: "Certum Root CA", "Comodo AAA Services root"
560 "Comodo Secure Services root",
561 "Comodo Trusted Services root",
562 "IPS Chained CAs root", "IPS CLASE1 root", "IPS CLASE3 root",
563 "IPS CLASEA1 root", "IPS CLASEA3 root", "IPS Servidores root"
564 "IPS Timestamping root",
566 "Security Communication Root CA",
567 "Sonera Class 1 Root CA", "Sonera Class 2 Root CA",
568 "Staat der Nederlanden Root CA",
569 "TDC Internet Root CA", "TDC OCES Root CA",
570 "UTN DATACorp SGC Root CA", "UTN USERFirst Email Root CA",
571 "UTN USERFirst Hardware Root CA", "UTN USERFirst Object Root CA"
572 * add CACert.org's Root CA
573 closes: Bug#213086, Bug#288293
574 * add debian/po/vi.po
576 * add debian/po/cs.po
578 * write "How certificate will be accepted in ca-certificates package"
581 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 18 May 2005 00:40:54 +0900
583 ca-certificates (20040809) unstable; urgency=low
585 * previous version was not fixed Bug#255933 correctly.
586 update-ca-certificates now remove symlinks of deselected entries
587 in ca-certificates.conf
590 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 9 Aug 2004 03:23:20 +0900
592 ca-certificates (20040808) unstable; urgency=low
594 * run update-ca-certificates by /bin/sh -e
596 * update-ca-certificates remove symlinks of deselected entries
597 in ca-certificates.conf
599 * change default of trust_new_crts from 'ask' to 'yes'
600 closes: Bug#218838, Bug#221527, Bug#236675, Bug#247509
601 * refer libssl0.9.7 instead of libssl0.9.6 in Enhances:
603 * add brasil.gov.br certs
605 * add Signet CA Roots certs
607 * add QuoVadis CA Roots certs
619 * fix quote characters in template
621 * remove debian.org, because certs used in db.debian.org has been
622 revoked due to debian.org crack incidents.
623 db.debian.org uses certificates using spi-inc.org Root CA.
625 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 8 Aug 2004 10:58:30 +0900
627 ca-certificates (20031007.1) unstable; urgency=low
630 * Add brasil.gov.br/brasil.gov.br.crt, created from
631 http://www.icpbrasil.gov.br/certificadoACRaiz.crt
632 * Add debian/po/pt_BR.po: closes: Bug#224612
634 -- Otavio Salvador <otavio@debian.org> Thu, 5 Aug 2004 12:16:26 -0300
636 ca-certificates (20031007) unstable; urgency=low
638 * add debian/po/ru.po: closes: Bug#214371
640 -- Fumitoshi UKAI <ukai@debian.or.jp> Tue, 7 Oct 2003 03:06:06 +0900
642 ca-certificates (20030924) unstable; urgency=low
644 * add debian/po/ja.po: closes: Bug#212565
646 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 24 Sep 2003 22:09:09 +0900
648 ca-certificates (20030916) unstable; urgency=low
650 * add debian/po/fr.po: closes: Bug#211224, Bug#206769
651 * debian/config: if new cert is asked, don't ask all available certs
654 -- Fumitoshi UKAI <ukai@debian.or.jp> Wed, 17 Sep 2003 02:12:14 +0900
656 ca-certificates (20030915) unstable; urgency=low
658 * debian/config.in: fix typo. closes: Bug#190990
659 * add option for new CA certificates. closes: Bug#190989
660 * switch to gettext-based debconf templates. closes: Bug#205782
661 * update mozilla/certdata.txt from mozilla 1.4 release
663 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 15 Sep 2003 01:15:04 +0900
665 ca-certificates (20030420) unstable; urgency=low
667 * add README.Debian and update-ca-certificates(8). closes: Bug#189604
668 * fix broken English in debconf template. closes: Bug#189606
669 * don't remove symlinks in /etc/ssl/certs. closes: Bug#189607
670 * preserve comments in /etc/ca-certificates.conf when upgrading.
673 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 21 Apr 2003 00:06:01 +0900
675 ca-certificates (20030415) unstable; urgency=medium
677 * fix upgrade problem
678 closes: Bug#188938, Bug#188940
681 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 23:00:58 +0900
683 ca-certificates (20030414) unstable; urgency=medium
685 * certificates are installed in /usr/share/ca-certificates
686 you can find md5sum of certs files. closes: Bug#170777
688 * debconf to generate /etc/ca-certificates.conf
689 * update-ca-certificates update /etc/ssl/certs according
690 /etc/ca-certificates.conf
691 It also generate /etc/ssl/certs/ca-certificates.crt
692 which is single-file version of certs.
695 * change extension from .pem to .crt in /usr/share/ca-certificates
697 application/x-x509-ca-cert crt
698 but it will be hardlink or copied in /etc/ssl/certs with .pem
699 extension by update-ca-certificates.
700 c_rehash requires .pem extension
702 * Update certificate from mozilla 2:1.3-4
703 mozilla/security/nss/lib/ckfw/builtins/certdata.txt
704 cefd05b299ea683fc6b1ce9ff1e23a3f mozilla/certdata.txt
706 * Add spi-inc.org/spi-ca.crt from http://www.spi-inc.org/secretary/
707 33922a1660820e44812e7ddc392878cb spi-inc.org/spi-ca.crt
708 % openssl x509 -in spi-inc.org/spi-ca.crt -fingerprint -noout
709 MD5 Fingerprint=ED:85:3A:FD:32:43:13:73:91:4D:94:06:C4:10:EB:E5
711 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 14 Apr 2003 00:02:48 +0900
713 ca-certificates (20020323) unstable; urgency=low
715 * Moved from non-US to main now that openssl has moved there.
717 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 24 Mar 2002 03:11:54 +0900
719 ca-certificates (20020208) unstable; urgency=low
721 * add db.debian.org certificate
723 -- Fumitoshi UKAI <ukai@debian.or.jp> Fri, 8 Feb 2002 23:46:11 +0900
725 ca-certificates (20020112) unstable; urgency=low
727 * upload to non-US instead of main, because it depends on openssl
728 (it uses c_rehash in openssl in maintainer scripts)
730 -- Fumitoshi UKAI <ukai@debian.or.jp> Sun, 13 Jan 2002 04:30:28 +0900
732 ca-certificates (20020107) unstable; urgency=low
734 * Initial Release. closes: Bug#126586
736 -- Fumitoshi UKAI <ukai@debian.or.jp> Mon, 7 Jan 2002 21:16:51 +0900